<?php

@session_start();
require_once("../includes/config.php");
require_once("../includes/class/user.class.php");

$user = new User();
	if(( isset($_POST['login']) && $_POST['login'] !="") && (isset($_POST['password']) && $_POST['password'] !="")  && ( is_string($_POST['login']) && is_string($_POST['password']))  )
	{  			
		if(!isset($_SESSION['intentosLog']))
	    	$_SESSION['intentosLog']=1;
		
		$loginUsername	=	trim(mysql_real_escape_string($_POST['login']));
    	$pass			=	trim(mysql_real_escape_string($_POST['password']));
		$password		=	md5($loginUsername.$pass.$loginUsername);	// el password es la combinacion de login con password y encriptado en md5.
		
		if($user->validateAccount($loginUsername,$password) && ($_SESSION['intentosLog']<4 || ($_SESSION['intentosLog']>=4 && isset($_POST['letraVal']) && $_POST['letraVal']==$_SESSION['codigoVal'])))
		{		
			if($user->status==1)
			{
				$_SESSION['typeUser'] 		= $user->type;	    
				$_SESSION['nameUser'] 		= ucfirst($user->name);
				$_SESSION['emailUser']  	= $user->email;
				$_SESSION['codeUser']  		= $user->code;
				$_SESSION['statusUser']  	= $user->status;
				$_SESSION['img']  			= $user->img;					
				$_SESSION['statusSession']  = true;					
				$_SESSION['intentosLog'] 	= 1;
				
				//$_SESSION['modelsUsers'] 	= $user->listPrivilegeForUser($user->code);
				
				echo "<script>window.location.href = 'home.php'</script>";				
			}
			elseif($user->status==3)
			{
				echo "<script>alert('Now Go ".$loginUsername." user actually are, is blocked.');</script>";	
				
				$_SESSION['intentosLog'] = 3;
				echo "<script>window.location.href = 'index.php'</script>";	
			}
		}		
		else
		{
			 $_SESSION['intentosLog']++;
			
			echo "<script>alert('Datos incorrectos');</script>";	 
			echo "<script>window.location.href = 'index.php'</script>";				
		}
		
		if($_SESSION['intentosLog'] >= 6)
		{		 
		  if($user->validateAccount($loginUsername,$password) && $user->status==3)
				echo "<script>alert('Ahora ".$loginUsername." esta bloqueado.');</script>";	
		  
		  elseif($user->userExist($loginUsername))
			{
				if($user->status==1)
			     {
					$user->userBloq($user->code);
				 /*	$email->mensaje = "El usuario con id ( ".$user->code." ) ha sido bloqueado en por intento de ingreso fraudulento";
					$email->asunto_mail = "Usuario bloqueado";
					$email->destinatario = "jhoneider@hotmail.com";
					mail($user->email,$email->asunto_mail,$email->mensaje);*/
					echo "<script>alert('".$loginUsername." usuario bloqueado comuniquese con el administrador.');</script>";		
				}			
		    }
		  
		  $_SESSION['intentosLog'] = 3;
		  $delay=0;
		  $url="index.php";
		  echo "<meta http-equiv='Refresh' content='$delay; url=$url'>";
		}
	}	
	
	if(isset($_SESSION['intentosLog']) && $_SESSION['intentosLog']>=4)
	{
		$showCatpcha =  1;	// cuando sesion es igual ha 1 es para que muestre la imagen de seguridad en el login 
	}
	else
	{
		$showCatpcha =  0;
	}	
	

?>
